libxine -- multiple buffer overflows in RTSP

Details

VuXML ID

1b70bef4-649f-11d9-a30e-000a95bc6fae

Discovery

2004-05-25

Entry

2005-01-12

A xine security announcement states:

Multiple vulnerabilities have been found and fixed in the
Real-Time Streaming Protocol (RTSP) client for RealNetworks
servers, including a series of potentially remotely
exploitable buffer overflows. This is a joint advisory by
the MPlayer and xine teams as the code in question is common
to these projects.

Severity: High (arbitrary remote code execution under the
user ID running the player) when playing Real RTSP streams.
At this time, there is no known exploit for these
vulnerabilities.